IN THE CLAIMS 

This listing of the claim will replace all prior versions and listings of claim in 
the present application. 
Listing of Claims 

1. (original) A security management system for controlling a security 
status of each of a plurality of managed systems constituting an information system 
in accordance with an information security policy representing a policy of a security 
measure, comprising: 

a plurality of management sections corresponding to at least one managed 
system and the information security policy, each management section being for 
controlling the security status of the managed system corresponding thereto so as to 
adjust the security status to the information security policy corresponding thereto; 

a database registering a correspondence of the information security policy, the 
managed system and each management section; 

a security content reception section for receiving a selection of a range of the 
information security policy and the managed system from a user; 

an extraction section for extracting from said database the management 
section registered so as to correspond to the information security policy and the 
managed system included in the range in which said security content reception 
section has received the selection; and 

a management control section for allowing the management section extracted 
by said extraction section to change the security status of the managed system 
corresponding to the management section so as to adjust to the information security 
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policy corresponding to the management section. 

2. (original) A security management system for auditing a security 
status of each of a plurality of managed systems constituting an information system, 
the security status concerning an information security policy representing a policy of 
a security measure, comprising: 

a plurality of audit sections corresponding to at least one managed system 
and at least one information security policy, each audit section being for auditing the 
security status concerning the corresponding information security policy of the 
corresponding managed system; 

a database registering a correspondence of the information security policy, the 
managed system and the audit section; 

a security content reception section for receiving a selection of a range of the 
information security policy and the managed system from the user; 

an extraction section for extracting from said database the audit section 
registered so as to correspond to the information security policy and the managed 
system included in the range in which said security content reception section has 
received the selection; and 

an audit control section for allowing the audit section extracted by said 
extraction section to audit the security status concerning the information security 
policy of the managed system corresponding to the audit section. 



4 



3. (original) A security management system for controlling a security 
status of each of a plurality of managed systems constituting an information system 
in accordance with an information security policy representing a policy of a security 
measure, comprising: 

a plurality of management sections corresponding to at least one managed 
system and at least one information security policy, each management section being 
for controlling the security status of the corresponding managed system so as to 
adjust the security state to the corresponding information security policy; 

a plurality of audit sections corresponding to at least one managed system 
and at least one information security policy, each audit section being for auditing the 
security status concerning the corresponding information security policy of the 
corresponding managed system; 

a database registering a correspondence of the information security policy, the 
managed system, the management section and the audit section; 

a security content reception section for receiving a selection of a range of the 
information security policy and the managed system from a user; 

an extraction section for extracting from said database the management 
section and the audit section, which are registered so as to correspond to the 
information security policy and the managed system included in the range in which 
said security content reception section has received the selection; 

a management control section for allowing the management section extracted 
by said extraction section to change the security status of the managed system 
corresponding to the management section so as to adjust to the information security 
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policy corresponding to the management section; and 

an audit control section for allowing the audit section extracted by said 
extraction section to audit the security status concerning the information security 
policy of the managed system corresponding to said audit section. 

4. (original) A security management method for controlling a security 
status of each of a plurality of managed systems constituting an information system 
with an electronic computer in accordance with an information security policy 
representing a policy of a security measure, comprising the steps of: 

receiving a selection of a range of the information security policy and the 
managed system from a user; 

extracting a management program corresponding to an information security 
policy and a managed system, included in the range in which the selection has been 
received, among a plurality of management programs describing a processing for 
controlling the security status of the corresponding managed system so as to adjust 
the security status to the corresponding information security policy, the plurality of 
management programs corresponding to at least one information security policy and 
at least one managed system, which are previously stored; and 

allowing the electronic computer to execute the extracted management 
program and to change the security status of the managed system corresponding to 
the management program so that the security status thereof is adjusted to the 
information security policy corresponding to the management program. 



6 



5. (original) A security management method for auditing, with an 
electronic computer, a security status of each of a plurality of managed systems 
constituting an information system, the security status concerning an information 
security policy representing a policy of a security measure, comprising the steps of: 

receiving a range of a selection of the information security policy and the 
managed system from a user; 

extracting an audit program registered so as to correspond to the information 
security policy and the managed system, which are included in the range in which 
the selection has been received, among a plurality of audit programs describing a 
processing for auditing the security status concerning the corresponding information 
security policy of the corresponding managed system, the plurality of audit programs 
corresponding to at least one information security policy and at least one managed 
system, which are previously stored; and 

allowing the electronic computer to execute the extracted audit program and 
to audit the security status of the managed system corresponding to the audit 
program, the security status concerning the information security policy corresponding 
to the audit program. 

6. (original) A storage medium storing a program for controlling a 
security status of each of a plurality of managed systems constituting an information 
system in accordance with an information security policy representing a policy of a 
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security measure, 

wherein said program is read out and executed by an electronic computer, 
to construct, on said electronic computer, 

a security content reception section for receiving a selection of a range of the 
information security policy and the managed system from a user; 

an extraction section for extracting a management program corresponding to 
an information security policy and a managed system, which are included in the 
range in which said security content reception section has received the selection, 
from a database storing a plurality of management programs describing a processing 
for controlling the security status of the corresponding managed system so as to 
adjust the security status of the managed system to the corresponding information 
security policy, the plurality of management programs corresponding at least one 
managed system and at least one information security policy; and 

a management control section for allowing said electronic computer to 
execute the management program executed by said extraction section and to 
change the security status of the managed system corresponding to the extracted 
management program so as to adjust the security status to the information security 
policy corresponding to the extracted management program. 

7. (original) A storage medium storing a program for auditing a 
security status concerning an information security policy representing a policy of a 
security measure of a plurality of managed systems constituting an information 
system, 
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wherein said program is read out and executed by an electronic computer, 
to construct, on said electronic computer, 

a security content reception section for receiving a selection of a range of the 
information security policy and the managed system from a user; 

an extraction section for extracting an audit program registered so as to 
correspond to an information security policy and a managed system, which are 
included in the range in which said security content reception section has received 
the selection, from a database storing a plurality of audit programs describing a 
processing for auditing the security status concerning the corresponding information 
security policy of the corresponding managed system, the plurality of audit programs 
corresponding to at least one managed system and at least one information security 
policy; and 

an audit control section for allowing the electronic computer to execute the 
audit program extracted by said extraction section and to audit the security status 
concerning the information security policy corresponding to the audit program of the 
managed system corresponding to the audit program. 

Claims 8-13 (canceled). 
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